Re: git: b4f09ace0fb2 - main - security/vuxml: Fix range for OpenSSH vuln.

In reply to: Bryan Drewery : "git: b4f09ace0fb2 - main - security/vuxml: Fix range for OpenSSH vuln."
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Craig Leres <leres_at_freebsd.org>
Date: Tue, 02 Jul 2024 16:44:58 UTC

On 7/2/24 09:13, Bryan Drewery wrote:
> The branch main has been updated by bdrewery:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=b4f09ace0fb2a43504a5d63501ddf3503a67da76
> 
> commit b4f09ace0fb2a43504a5d63501ddf3503a67da76
> Author:     Bryan Drewery <bdrewery@FreeBSD.org>
> AuthorDate: 2024-07-02 16:13:40 +0000
> Commit:     Bryan Drewery <bdrewery@FreeBSD.org>
> CommitDate: 2024-07-02 16:13:51 +0000
> 
>      security/vuxml: Fix range for OpenSSH vuln.
>      
>      Security:       f1a00122-3797-11ef-b611-84a93843eb75
> ---
>   security/vuxml/vuln/2024.xml | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
> index cb0b4fc0ffb3..373d4938fd97 100644
> --- a/security/vuxml/vuln/2024.xml
> +++ b/security/vuxml/vuln/2024.xml
> @@ -73,7 +73,7 @@
>       <affects>
>         <package>
>   	<name>openssh-portable</name>
> -	<range><lt>9.7_1,1</lt></range>
> +	<range><lt>9.7_2,1</lt></range>
>         </package>
>       </affects>
>       <description>

I believe this is still wrong, it should be 9.7.p1_2,1 (my systems still 
report as vulnerable after updating).

		Craig

fun 52 # pkg info | fgrep openssh
openssh-portable-9.7.p1_2,1    The portable version of OpenBSD's OpenSSH
fun 53 # pkg audit -qF -f /var/db/pkg/vuln.xml
openssh-portable-9.7.p1_2,1